nmap is a tool that lets you discover hosts on your network and what ports those hosts have open.
nmap is not 100% accurate. It uses a variety of methods at different levels of the networking stack to detect hosts and their open ports.
One really cool feature of nmap is that it can use the subtle differences in networking implementations between Windows, OS X, and Linux to determine which operating system a host is running.
To install nmap, if you’re on OS X and use brew, just run: brew install nmap. Otherwise, see the install guide.
Scanning your local network
Let’s scan your home network. If you’re on a public wifi network, it’d be best to wait until you get back home. You can get in trouble using nmap to scan computers you don’t have permission to scan.
First, determine what address range your local network uses. You can use this command to figure it out:
Here’s the command we’ll use: sudo nmap -O -v 10.0.0.1/24. I’ll explain each part.
-O tells nmap we want it to try to figure out the operating system of each host it finds. Using this flag means we need to use sudo to run nmap, because OS detection sends raw packets.
-v turns on verbose mode. You can make it -vv for extra verbosity.
/24 at the end denotes the subnet we want to scan. In this case, 10.0.0.1/24 means every address from 10.0.0.0 through 10.0.0.255, 256 addresses in total.
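As an added example (not from the original post), here is a small shell function that does the /24 arithmetic by hand: it takes a CIDR string like 10.0.0.1/24 and prints the first address, the last address, and how many addresses the prefix covers. It works for any prefix length, not just /24. The function names cidr_range and int_to_ip are my own.

```shell
#!/bin/sh
# Added example: expand an IPv4 CIDR (e.g. 10.0.0.1/24) into
# "<first address> <last address> <address count>".

# Turn a 32-bit integer back into dotted-quad form.
int_to_ip() {
    printf '%d.%d.%d.%d' \
        $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) \
        $(( ($1 >> 8) & 255 ))  $(( $1 & 255 ))
}

cidr_range() {
    case $1 in
        */*) ;;
        *) echo "usage: cidr_range A.B.C.D/N" >&2; return 1 ;;
    esac
    ip=${1%/*}      # dotted-quad before the slash
    bits=${1#*/}    # prefix length after the slash

    # Split the dotted quad into its four octets without forking.
    o1=${ip%%.*};  rest=${ip#*.}
    o2=${rest%%.*}; rest=${rest#*.}
    o3=${rest%%.*}; o4=${rest#*.}

    # Pack the octets into one 32-bit integer.
    addr=$(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))

    # A /N prefix keeps the top N bits as the network part; the remaining
    # 32-N bits are host bits.  Guard N=0, since shifting by 32 is undefined.
    if [ "$bits" -eq 0 ]; then
        mask=0
    else
        mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    fi

    first=$(( addr & mask ))                    # host bits cleared
    last=$(( first | (~mask & 0xFFFFFFFF) ))    # host bits set
    count=$(( last - first + 1 ))

    printf '%s %s %s\n' "$(int_to_ip "$first")" "$(int_to_ip "$last")" "$count"
}

# Stand-alone demo for the subnet used in this post.
cidr_range 10.0.0.1/24
```

Running it on the post's subnet prints 10.0.0.0 10.0.0.255 256. To find your own prefix: on Linux, ip -4 addr already prints each interface's address in CIDR form (for example inet 10.0.0.5/24); on OS X, ifconfig shows the netmask in hex, where 0xffffff00 corresponds to /24.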
nmap does a lot for you automatically. We didn’t specify the type of scanning we want it to do, so it uses a combination of techniques to discover hosts and scan ports. You can read more about the scanning options available to you by looking at the nmap documentation.
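Once the scan has run, the easiest form to post-process is nmap's greppable output (add -oG - to write it to stdout). The following is an added example, not code from the original post or from the nmap project: sample_scan emits a constructed, made-up -oG result for two hosts (addresses, ports and OS guesses are all invented for the example), and summarize_scan reduces such output to one line per host listing only the open ports and the OS guess, which is the shape you want for a quick inventory of what is listening on your network.

```shell
#!/bin/sh
# Added example: summarise nmap greppable (-oG) output into a per-host inventory.

# Constructed sample of greppable output; not a real scan.  Greppable lines are
# tab-separated fields, and each Ports entry is port/state/proto/owner/service/...
sample_scan() {
    printf '%s\n' '# Nmap scan initiated as: nmap -O -v -oG - 10.0.0.1/24'
    printf 'Host: 10.0.0.1 (router.lan)\tStatus: Up\n'
    printf 'Host: 10.0.0.1 (router.lan)\tPorts: 22/open/tcp//ssh///, 53/open/tcp//domain///, 80/open/tcp//http///\tIgnored State: closed (997)\tOS: Linux 3.2 - 4.9\n'
    printf 'Host: 10.0.0.5 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.5 ()\tPorts: 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///, 135/filtered/tcp//msrpc///\tIgnored State: closed (997)\tOS: Microsoft Windows 10\n'
    printf '%s\n' '# Nmap done -- 256 IP addresses (2 hosts up) scanned in 40.12 seconds'
}

# Read greppable output on stdin and print, per host with a Ports field:
#   <ip> <TAB> <open ports as port/proto(service), comma-separated> <TAB> <OS guess>
# Ports in any state other than "open" (closed, filtered) are dropped, and
# hosts without an OS guess are reported as "unknown".
summarize_scan() {
    awk -F'\t' '
        /^Host:/ && /Ports:/ {
            ip = $1
            sub(/^Host: /, "", ip)      # strip the field label
            sub(/ .*/, "", ip)          # strip the "(hostname)" part
            os = "unknown"; ports = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Ports: /) {
                    n = split(substr($i, 8), entries, /, /)
                    for (j = 1; j <= n; j++) {
                        split(entries[j], f, "/")
                        # f[1]=port f[2]=state f[3]=protocol f[5]=service
                        if (f[2] == "open")
                            ports = ports (ports == "" ? "" : ",") f[1] "/" f[3] "(" f[5] ")"
                    }
                } else if ($i ~ /^OS: /) {
                    os = substr($i, 5)
                }
            }
            if (ports == "") ports = "-"
            printf "%s\t%s\t%s\n", ip, ports, os
        }'
}

# Stand-alone demo on the constructed sample.  Against a live scan you would
# pipe nmap straight in:  sudo nmap -O -v -oG - 10.0.0.1/24 | summarize_scan
sample_scan | summarize_scan
```

On the sample, the Windows host's filtered port 135 is left out of the inventory, so what you see is exactly the set of services reachable from your scanning machine; diffing these summaries from one week to the next is a simple way to notice a new device or a newly opened port on your network.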
Go ahead and run the command to see the hosts on your network 😎
Check out the nmap documentation to continue your nmap adventures.